Digital systems rely on timing subsystems to operate properly. Such timing subsystems are vulnerable to anomalies, which are difficult to detect. In the context of network security for digital systems, anomalies can be the result of a spoofing or jamming attack. A spoofing attack is a technique used by a hacker or attacker to masquerade as a legitimate source or to falsify data without the knowledge of the digital system's users. A jamming attack is a technique used by an attacker to degrade or completely block a data signal.
A Global Navigation Satellite System (GNSS) spoofing attack involves an attempt by a hacker to trick a GNSS receiver, such as a Global Positioning System (GPS) receiver, by broadcasting a signal that is different from the signals received from GPS satellites. The broadcast signals are designed to appear as normal or standard GPS signals. However, the spoofed signals are modified in such a manner as to cause the GPS receiver to produce incorrect time or timing intervals and/or to produce a position at a location determined by the attacker, as opposed to the actual Coordinated Universal Time (UTC) or the receiver's actual location. Thus, the goal of spoofing in this example is to provide a GPS receiver with a misleading signal and thereby deceive the receiver into using inaccurate, false signals when making positioning and timing calculations.
The reliance on GPS within civil infrastructure is an inherent security vulnerability. Individuals, groups, or nations interested in causing harm can target a GPS-reliant system, thereby disrupting or disabling swaths of infrastructure, including national critical infrastructure (e.g., the financial and power industries, as well as cellular communication systems and automated teller machines (ATMs)). In particular, the concern is over GPS spoofing, an insidious form of intentional interference whereby a spoofer transmits counterfeit GPS signals to an unsuspecting (and unprotected) receiver. Spoofing is more malignant than jamming, because current civil receivers trust all GPS signals to be true, and therefore cannot warn the user, much less take evasive action, when confronted with counterfeit signals.
While the GPS Precision Code (P-code) is encrypted, and thus is difficult to spoof, the civilian GPS signal, the Coarse/Acquisition code (C/A code), is relatively easy to spoof because the signal structure, the spread spectrum codes, and the modulation methods are open to the public. Insecure civil GPS technology has recently been utilized by critical systems, such as military vehicles, communications systems, banking and finance institutions, and the power grid. Consequently, these systems can be severely compromised when subjected to a spoofing attack resulting in positioning or timing anomalies.
Further, spoofing and/or jamming becomes more difficult to detect when dealing with mobile assets. Mobile assets are expected to display some movement and change in location, which needs to be accounted for when determining whether location information has been spoofed. Mobile assets may also be unable to rely on fixed communication links, and therefore may need to rely on less secure modes of communication for location information. These less secure communication modes may similarly be more susceptible to spoofing and/or jamming. Thus, detecting threats to mobile assets introduces several factors that complicate traditional threat detection techniques or render them unusable.
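The point about mobile assets can be seen in a small added example, which is not part of the original text and is not a method the text describes. It compares a fixed-site rule (any fix outside a radius is an anomaly) with a motion-aware rule that checks implied speed and the GNSS time step against a local monotonic clock. The thresholds, function names and sample fixes are constructed assumptions.

```python
import math

EARTH_RADIUS_M = 6_371_000.0

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two lat/lon points (degrees)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlon = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))

def static_check(fixes, anchor, radius_m=40.0):
    """Fixed-site rule: flag every fix farther than radius_m from a surveyed anchor."""
    return [i for i, (_, lat, lon, _) in enumerate(fixes)
            if haversine_m(anchor[0], anchor[1], lat, lon) > radius_m]

def mobile_check(fixes, max_speed_mps=40.0, max_clock_step_s=0.5):
    """Motion-aware rule: flag a fix whose implied speed since the previous fix
    exceeds the asset's envelope, or whose GNSS time advanced by a different
    amount than the local monotonic clock. Thresholds are assumed values."""
    flagged = []
    for i in range(1, len(fixes)):
        mono0, lat0, lon0, gnss0 = fixes[i - 1]
        mono1, lat1, lon1, gnss1 = fixes[i]
        dt = mono1 - mono0
        if dt <= 0:
            flagged.append((i, "local-clock"))
            continue
        speed = haversine_m(lat0, lon0, lat1, lon1) / dt
        if speed > max_speed_mps:
            flagged.append((i, "speed"))
        elif abs((gnss1 - gnss0) - dt) > max_clock_step_s:
            flagged.append((i, "time"))
    return flagged

# Constructed sample: (local monotonic s, lat, lon, GNSS time s) for a vehicle
# heading north at about 25 m/s, then a position jump (fix 4) and a time step (fix 5).
ANCHOR = (40.0, -75.0)
FIXES = [
    (0.0, 40.000000, -75.0, 1000.0),
    (1.0, 40.000225, -75.0, 1001.0),
    (2.0, 40.000450, -75.0, 1002.0),
    (3.0, 40.000675, -75.0, 1003.0),
    (4.0, 40.010000, -75.0, 1004.0),
    (5.0, 40.010225, -75.0, 1007.0),
]

if __name__ == "__main__":
    print("static rule flags:", static_check(FIXES, ANCHOR))
    print("mobile rule flags:", mobile_check(FIXES))
```

The fixed-site rule flags ordinary driving from fix 2 onward, while the motion-aware rule flags only the jump and the time step. A slow drift that stays inside the speed envelope passes both rules, so this is a plausibility filter and not a complete spoofing detector.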